4190 matches found
Vulnerability fixed in Microsoft Windows Defender
A vulnerability has been fixed in Microsoft Windows Defender. A malicious party can exploit this vulnerability to cause a denial-of-service. This requires a user to be tricked into handling a rogue file on the system. Windows Defender: |----------------|------|------------------------------------...
Vulnerability fixed in Microsoft Dynamics
A vulnerability has been fixed in Microsoft Dynamics. The vulnerability potentially allows an authenticated user to to execute arbitrary SQL code on the Dynamics database. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in FortiClient
Vulnerabilities have been fixed in FortiClient for Linux and Windows. The vulnerabilities allow a local malicious agent to to gain access to system data and obtain elevated privileges. Fortinet has released updates to fix the vulnerability. More information can be found on the pages below:...
Vulnerability fixed in SonicOS
SonicWall has fixed a vulnerability in SonicOS. A unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service, and potentially execute arbitrary code execute arbitrary code in the firewall process. SonicWall has released updates to fix the vulnerability in SonicO...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in IBM MQ. The vulnerability allows an authenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6560040...
Vulnerability fixed in IBM Specturm Protect
IBM has fixed a vulnerability in Spectrum Protect Server. By exploiting this vulnerability obtain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Server 8.1.14.100. For more information, see:...
Vulnerabilities fixed in Bareos
Vulnerabilities have been fixed in Bareos. The vulnerability with reference CVE-2022-24755 can be exploited to bypass authentication. circumvention. To exploit this vulnerability, the Bareos Director must be configured with PAM as the authentication agent. The vulnerability with attribute...
Vulnerabilities fixed in CyberArk Privileged Session Manager and Password Vault Manager
Vulnerabilities have been fixed in the CyberArk Privileged Session Manager and Password Vault Manager. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to...
Vulnerability fixed in ARM, AMD and Intel processors
Researchers at VU Amsterdam have found a new variant of the Spectre vulnerability. The researchers have dubbed the attack Branch History Injection. Previous mitigation for Spectre v2 is not sufficient to fully fix the vulnerability, according to the researchers. According to the researchers, this...
Vulnerabilities fixed in Dell BIOS
Vulnerabilities have been fixed in the BIOS of several Dell products. The vulnerabilities make it possible for a local malicious person with elevated privileges to execute code while the system is active in System Management Mode SMM. Dell has made updates available to fix the vulnerabilities fix...
Vulnerabilities fixed in Sophos SG UTM
Vulnerabilities have been fixed in Sophos SG UTM. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS SQL Injection Access to sensitive data Sophos has fixed the vulnerabilities in SG UTM version 9.710. More...
Vulnerability fixed in AMD processors
AMD has fixed a vulnerability with reference CVE-2021-26401 for the Ryzen and Athlon processors. This vulnerability has the same cause as the vulnerability known as Spectre, with attribute CVE-2017-5717. This vulnerability allows a malicious party to obtain sensitive data from the memory of a loc...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to system data Google has ma...
Vulnerabilities fixed in BMC Track-It!
BMC has fixed several vulnerabilities in Track-It! A malicious party could exploit the vulnerabilities to gain access to the application or to execute arbitrary code under the application's privileges. The vulnerability with reference CVE-2022-24047 involves an "authentication bypass" that allows...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ for the Solaris platform. A malicious party could potentially exploit the vulnerability to cause a denial-of-service via the Queue Manager channel process. IBM has released updates to fix the vulnerability in MQ 9.1. For more information, see:...
Vulnerabilities fixed in VMware Workstation, Fusion & ESXi
VMware has fixed several vulnerabilities in various products, namely Workstation Pro/Player, Fusion and ESXi. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User right...
Vulnerability fixed in VMware NSX Edge
A vulnerability has been fixed in VMware NSX Edge. A authenticated malicious person with SSH access could potentially execute arbitrary commands on the underlying system with root privileges. Although this product is typically connected to a publicly accessible network, it is good practice to mak...
Vulnerabilities fixed in Palo Alto GlobalProtect App
Palo Alto Networks has fixed vulnerabilities in GlobalProtect App. The vulnerabilities potentially enable a local malicious person to able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root privileges. Access to sensitive data Increased...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...
Vulnerabilities fixed in Microsoft SQL Server and Power BI
Microsoft has fixed vulnerabilities in Microsoft SQL Server and Power BI. The vulnerabilities allow a malicious party to obtain elevated user privileges. SQL Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerability fixed in VMware Workstation, Fusion & ESXi
A vulnerability has been fixed in VMware Workstation, Fusion & ESXi. The vulnerability enables a malicious person with access to a virtual machine on which CD-ROM virtualization is enabled to able to execute arbitrary code on the hypervisor. To exploit this vulnerability, a CD image must be...
Vulnerabilities fixed in IBM Spectrum Protect Plus
IBM has fixed vulnerabilities in Spectrum Protect Plus. The vulnerabilities, which include those in the Node.js and PostgreSQL components of the product, allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data...
Vulnerability fixed in ABB OPC Server
A vulnerability has been fixed in ABB OPC Server for AC 800M. The vulnerability enables an authenticated remote malicious person to able to execute arbitrary code. ABB has released updates to fix the vulnerability. To exploit this vulnerability requires access to the network of the victim's netwo...
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. A authenticated malicious party can, by exploiting this vulnerability to gain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.9. For more information, see:...
Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor
Vulnerabilities have been fixed in the PDF Reader and PDF Editor from Foxit. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data This...
Vulnerabilities fixed in Apple macOS
Vulnerabilities have been fixed in macOS Monterey, Big Sur and Catalina. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerability found in i915 kernel driver
A researcher has found a vulnerability in the Linux i915 kernel driver. The memory cache of the i915 kernel graphics driver is not properly cleaned up. An attacker exploiting this vulnerability could cause a local denial-of-service DoS cause or gain access to system data or elevated user...
Vulnerabilities fixed in Dell BIOS
Two vulnerabilities have been fixed in Dell products. The vulnerabilities allow a locally authenticated malicious person potentially be able to execute arbitrary code through a System Management Interupt SMI in the System Management RAM SMRAM of the device. This portion of memory is normally only...
Vulnerabilities fixed in Zabbix
Vulnerabilities have been fixed in Zabbix. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Remote code execution Administrator/Root rights Remote code execution User rights...
Fixed vulnerability in AIDE (Advanced Indtrusion Detection Environment)
A vulnerability has been fixed in AIDE Advanced Intrusion Detection Environment. Due to a flaw in the way base64 data is is processed, a local malicious agent can cause a denial-of-service cause, or potentially execute arbitrary code under the rights of the application. -= SUSE =- SUSE has made...
Vulnerabilities fixed in Oracle Virtualization
Oracle has fixed vulnerabilities in VM VirtualBox. A malicious party needs local access rights to exploit the vulnerabilities. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------| |...
Vulnerabilities fixed in Oracle Siebel CRM
Oracle has fixed vulnerabilities in the Siebel UI Framework product. ------------------.------.------------------------------------- | CVE-ID | CVSS | Vector |. |------------------|------|-------------------------------------| | CVE-2021-2351 | 8.3 | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | |...
Vulnerabilities fixed in Gitlab
Vulnerabilities have been fixed in Gitlab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Spoofing Accessing sensitive data O...
Vulnerabilities fixed Juniper Junos OS
Juniper has fixed several vulnerabilities in Junos OS. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Increased user privileges Because these are...
Vulnerabilities fixed in Schneider Electric products
Schneider Electric has fixed vulnerabilities in Modicon products. The vulnerabilities allow an unauthenticated malicious person able to cause a denial-of-service or gain access to sensitive data. Schneider Electric has released updates to address the vulnerabilities. fixes. For more information,...
Vulnerability fixed in H2 Database Console
A vulnerability has been found in the Console component of H2 Database. This vulnerability allows a local malicious person to to execute arbitrary code under application privileges. Researchers at JFrog found this vulnerability during additional research on Java vulnerabilities following Log4j. S...
Vulnerabilities fixed in SolarWinds Orion
SolarWinds has fixed vulnerabilities in Orion. The vulnerabilities marked CVE-2021-35234 and CVE-2021-35248 allow an authenticated malicious person to gain access to user data, including hashed passwords and information about salts used. In addition, a malicious person with alert management...
Vulnerabilities fixed in VMware products
VMware has fixed vulnerabilities in the following products: VMware Cloud Foundation VMware Identity Manager vIDM VMware Workspace ONE Access Access VMware vRealize Automation vRA VMware vRealize Suite Lifecycle Manager A remote malicious party could potentially exploit them to bypass two-factor...
Vulnerabilities fixed in Dell EMC iDRAC
Dell EMC has fixed vulnerabilities in iDRAC8 and iDRAC9.The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Access to system...
Vulnerability fixed in WIBU Codemeter Runtime
WIBU Systems has fixed a vulnerability in WIBU Codemeter Runtime. A local, authenticated malicious party could potentially exploit the vulnerability potentially exploit it to cause a denial-of-service cause, or manipulate data. The vulnerability can be exploited by creating a symbolic link using...
Vulnerability fixed in SIMATIC eaSie PCS7
Siemens has fixed a vulnerability in SIMATIC eaSie PCS7. A authenticated malicious party can exploit the vulnerability to access arbitrary files via path-traversal on the vulnerable system. The download function in which the vulnerability is not activated by default. Siemens has released updates ...
Vulnerabilities fixed in IBM i2 Analysts Notebook
IBM has fixed vulnerabilities in i2 Analysts' Notebook. A local malicious party could potentially exploit the vulnerabilities to obtain elevated privileges within the application. IBM has released updates to fix the vulnerabilities in i2 Analysts' Notebook 9.3.1. For more information, see:...
Vulnerability fixed in SonicWall Global VPN Client
A vulnerability has been fixed in SonicWall Global VPN Client. The vulnerability is in the handling of specific DLL files. A local malicious party can exploit the vulnerability to execute arbitrary code. SonicWall has released updates to fix the vulnerability fix in Global VPN Client 4.10.7. More...
Vulnerabilities fixed in SonicWall SMA100 series
Vulnerabilities have been fixed in SonicWall SMA100. The vulnerabilities with the attribute CVE-2021-20038 and CVE-2021-20045 have received a CVSSv3 score of 9.8 and 9.4 and allow an unauthenticated remote malicious person potentially able to execute code execute code on the system. The...
Vulnerability fixed in Dell Wyse Device Agent
A vulnerability has been fixed in Dell Wyse Device Agent version 14.5.4.1 and below. A local authenticated user with low privileges could potentially exploit this security vulnerability and gain access to sensitive information. Dell has released updates to fix the vulnerability in Wyse Device...
Vulnerability fixed in Cryptshare server
A vulnerability has been fixed in the Web App component of Cryptshare server. This vulnerability allows a malicious user of the system to, via an "HTML injection" attack to redirect the recipient of a "confidential" message to an arbitrary web page. The recipient must open such a message message...
Vulnerability concealed in FortiClient
A vulnerability has been fixed in FortiClient and FortiClient EMS. An insecure search path could allow an attacker to launch a DLL-Hijack attack. Through the exploitation of this vulnerability, an attacker can obtain elevated privileges on the vulnerable system. Fortinet has released updates to f...
Vulnerabilities fixed in Zoom
Zoom has fixed several vulnerabilities in the Zoom client and connector. A malicious party could potentially exploit them to cause a denial-of-service, to execute arbitrary code with user privileges, or to gain access to sensitive data. The most serious vulnerability is in the windows client, in...
Vulnerabilities fixed in Siemens SIMATIC WINCC
Siemens has fixed vulnerabilities in WinCC. A authenticated malicious person could exploit the vulnerabilities to execute a "Path Traversal" and thus appropriate elevated privileges, read and write arbitrary files and manipulate write and thereby manipulate data and/or gain access gain access to...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in the following products: SAP ABAP Platform Kernel SAP Commerce SAP ERP Financial Accounting SAP ERP HCM Portugal SAP Focused SAP GUI for Windows SAP NetWeaver Application Server for ABAP and ABAP Platform. SAP Solution Manager The vulnerabilities potentially enable...